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n A Provisional Patent Application under 37 C.F.R. 1 .53(c). 
D A Design Patent Application (submitted in duplicate). 

Including the following: 

Provisional Application Cover Sheet. 

1^ New or Revised Specification, including pages 1 to 48 containing: 

^ Specification 
1^ Claims 

1^ Abstract 

Substitute Specification, including Claims and Abstract. 

IZI The present application is a continuation application of Application No. _ 

filed . The present application includes the Specification 

of the parent application which has been revised in accordance with the 
amendments filed in the parent application. Since none of those 
amendments incorporate new matter into the parent application, the 
present revised Specification also does not include new matter. 



The present application is a continuation application of Application No. 

filed , which in tum is a continuation-in-part of Application 

No. filed . The present application includes the 

Specification of the parent application which has been revised in 
accordance with the amendments filed in the parent application. Although 
the amendments in the parent C-I-P application may have incorporated 
new matter, since those are the only revisions included in the present 
application, the present application includes no new matter in relation to 
the parent application. 



D A copy of earUer application Serial No. Filed , 

including Specification, Claims and Abstract (pages 1 - @@), to which no new matter 
has been added TOGETHER WITH a copy of the executed oath or declaration for such 
earlier application and all drawings and appendices. Such earlier application is hereby 
incorporated into the present application by reference. 
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[U Please enter the following amendment to the Specification under the Cross-Reference to 
Related Applications section (or create such a section) : "This AppUcation: 

is a continuation of is a divisional of claims benefit of U.S. provisional 
Application Serial No. filed 



n Signed Statement attached deleting inventor(s) named in the prior application. 
CH A Preliminary Amendment. 

^ TenriO^ Sheets of ^ Formal □ Informal Drawings. 

□ Petition to Accept Photographic Drawings, 
n Petition Fee 

1^ An 1^ Executed Unexecuted Declaration or Oath and Power of Attorney. 



An Associate Power of Attorney. 



1^ An 1^ Executed □ Copy of Executed Assignment of the Invention to 
Microsoft Corporation 

1^ A Recordation Form Cover Sheet, 

^ Recordation Fee - $40.00. 
The prior application is assigned of record to 
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C Priority is claimed under 35 U.S.C. § 1 1 9 of Patent Application No. 

filed in (coiintry). 

□ A Certified Copy of each of the above applications for which priority is claimed: 
CH is enclosed. 

n has been filed in prior application Serial No. filed . 

□ AnD Executed or U Copy of Executed Earlier Statement Claiming Small Entity Status 
under 37 C.F.R. 1.9 and 1.27 

is enclosed. 

has been filed in prior application Serial No. filed , said 

status is still proper and desired in present case. 

n Diskette Containing DNA/Amino Acid Sequence Information. 

□ Statement to Support Submission of DNA/Amino Acid Sequence Information. 

The computer readable form in this application , is identical with that filed in 

Application Serial Number , filed . In accordance with 37 CFR 

1.821(e)5 please use the [U first-filed, D last-filed or D only computer readable form 
filed in that application as the computer readable form for the instant application. It is 
understood that the Patent and Trademark Office will make the necessary change in 
application number and filing date for the computer readable form that will be used for 

the instant application. A paper copy of the Sequence Listing is LH included in the 

originally-filed specification of the instant application, D included in a separately filed 
preliminary amendment for incorporation into the specification. 

□ Information Disclosure Statement. 

□ Attached Form 1449. 

n Copies of each of the references listed on the attached Form PTO-1449 are 
enclosed herewith. 

□ A copy of Petition for Extension of Time as filed in the prior case. 

□ Appended Material as follows: . 
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Two checks are enclosed: (1) in the amount of $690,00 for the application filing fee; 
and (2) in the amount of $40.00 for the Assignment recordation fee. 

The Commissioner is authorized to charge payment of the following fees and to refund 

any overpayment associated with this communication or during the pendency of this 
application to deposit account 23-3050. This sheet is provided in duplicate. 
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Any additional filing fees required, including fees for the presentation of extra 
claims under 37 C.F,R. 1.16. 



Any additional patent application processing fees under 37 C.F.R. 1.17 or 1.20(d). 



□ 



The issue fee set in 37 C.F.R. L18 at the mailing of the Notice of Allowance, 



1^ The Commissioner is hereby requested to grant an extension of time for the appropriate 
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submitted to the U.S. Patent and Trademark Office in the above-identified application 
during the pendency of this application. The Commissioner is further authorized to 
charge any fees related to any such extension of time to deposit account 23-3050. This 
sheet is provided in duplicate. 
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SYSTEM AND METHOD FOR DOCUMENT ISOLATION 

TECHNICAL FIELD 

The present invention relates generally to the 
field of workflow management systems and, more 
particularly, to methods and systems for restricting 
access to documents and operations performed on those 
documents while being routing through a workflow. 

BACKGROUND OF THE INVENTION 

Computer based document management systems, 
which traditionally have provided a mechanism to organize 
and control access to electronic documents, have been 
improved to facilitate workflow and document publishing. 
For example, document management systems now provide the 
capability to define a workflow template that specifies 
that a person or set of persons must review or approve a 
document before the document is made generally available. 
Such workflow templates are particularly useful in a 
document publishing environment where approval processes 
are commonplace . 

A particularly important operation in workflow 
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systems is managing access to documents as they move 
through various stages of a workflow. In a typical 
document-publishing scenario, significant time can elapse 
between creation of a document and final approval of the 
5 document for external viewing or publishing. For 

example, after an author revises an existing document and 
enters the revised document into a publishing workflow, 
several editors may need to review the document prior to 
the document receiving final approval for viewing by 

10 people outside the publishing group. It may take an 

extended period before the editors have an opportunity to 
review the document. In the meantime, it is necessary to 
restrict access to the revised document until it receives 
final approval . Indeed, it is necessary to restrict 

15 access to the document even if the editing process takes 
only short time. Editors should be given access to the 
new version of the document for purposes of editing and 
approving the document while those without approval 
authority should be given access to the original version 

20 of the document without revisions. Thus, it can be said 
that the original or ''base" document and the revised 
document should be maintained separately, or ''isolated" 
from each other and access given as appropriate to one or 
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the other during the period that the document is 
undergoing approval in the publishing workflow. 

It is also necessary to control access to the 
publishing operations that may be performed on a document 
as it is routed through a workflow. For example, while a 
document may be checked-out for revision numerous times 
during the course of a workflow, at any given time, 
however, only specific sets of individuals should have 
permission to perform this operation. 

Thus, there is a need for systems and methods 
for controlling access to documents and operations to be 
performed on those documents while documents are routed 
through a workflow. Specifically, there is a need for 
systems and methods to "isolate'' the base document from 
the revised document that is undergoing editing in a 
workflow. Users should selectively be directed to the 
appropriate version of the document that they are 
authorized to see. Further, users should selectively be 
permitted to perform operations on the documents. 
Preferably, the systems and methods are extensible to 
accommodate user-defined workflows and workflow 
operations . 
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SUMMARY OF THE INVENTION 

The present invention is directed toward 
systems and methods to address these needs. According to 
an aspect of the invention, when a revision is made to an 
5 original or ''base" document and the revision placed in a 
workflow, a separate ''working'' copy of the base document 
is generated. As the document moves through the 
workflow, new versions of the "working" copy document may 
also be generated. Security controls , which define who 

10 may access the base document as well as any versions of 
the working copy document, are defined and stored in 
relation to the documents. The security controls 
further define the types of actions users may take with 
respect to the document. For example, the security 

15 controls may specify that a user should be given access 
to the working copy document as opposed to the base 
document and should have the capability to check-out the 
working copy of the document for revision. 

Upon receipt of a request to perform an 

20 operation on a document during the period that the 

document is in the workflow, the security controls are 
referenced to determine whether the user has permissions 
to perform the operation as well as to which version of 
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the document the user should be directed. For example, a 
user may desire to check-out a document for purposes of 
editing the document. The security controls associated 
with the document are referenced to identify to which 
version of the document the user should be directed as 
well as to determine whether the particular user may 
check-out the document for editing. 

In an embodiment of the invention, users are 
assigned roles and document security controls are 
defined in terms of these roles. For example, in a 
publishing workflow having an editing state and approval 
state, users might be assigned one of two different 
roles, reviewer and approver. During the editing state, 
the security controls might be defined to provide check- 
out capabilities to reviewers while denying check-out 
privileges to approvers. When the document enters the 
approval state, the security controls are defined to 
grant approvers check-out privileges while denying the 
same privileges to reviewers. 

As will be readily appreciated from the 
foregoing description, systems and methods in accordance 
with the invention facilitate controlling access to 
documents and the operations performed on those documents 
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during periods when the document is undergoing revision 
in a workflow. 

BRIEF DESCRIPTION OF THE DRAWINGS 

5 Other features of the invention are further 

apparent from the following detailed description of 
presently preferred exemplary embodiments of the 
invention taken in conjunction with the accompanying 
drawings, of which: 
10 FIGURE 1 is a block diagram of a general 

purpose computer system for implementing the present 
invention; 

FIGURE 2 is a block diagram illustrating a 
network architecture, in accordance with the present 
15 invention; 

FIGURE 3 is a block diagram illustrating 
representative modules of system software that operate in 
accordance with the invention; 

FIGURE 4 is a chart illustrating a workflow 
20 that may be facilitated by systems and methods in 
accordance with the present invention; 

FIGURE 5 is a table illustrating values for the 
access controls that may be maintained for a document as 

6 
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the document moves through states of a publishing 
workflow; 

FIGURE 6 is a flow diagram of a process for 
handling a user request to access a document in 
accordance with the invention; 

Figure 7 is a flow diagram of a process for 
handling a user request to perform a publishing operation 
on a document in accordance with the present invention; 

FIGURE 8 is a flow diagram illustrating the 
process for resolving whether a user should be granted 
permission to perform a publishing operation in 
accordance with the present invention; 

FIGURE 9 is an illustrative example of 
component parts of a security descriptor in accordance 
with the present invention; and 

FIGURE 10 is an illustrative example of 
component parts of an access control list in accordance 
with the present invention. 

DETAILED DESCRIPTION OF THE INVENTION 

OVERVIEW 

The present invention is directed to novel 
systems and methods for controlling access to 
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information, particularly documents. According to an 
aspect of the invention, when a revision is made to a 
document and the revision placed in a publishing 
workflow, a separate "working" copy of the original or 
"base" document is generated. As the document moves 
through the workflow, new versions of the "working" copy 
document may also be generated. Security controls, 
which are used to identify who may access the base 
document as well as to determine which version of the 
working copy document a user should be directed to if one 
exists, are defined and stored in relation to the 
documents. The security controls further define the 
types of actions users may take with respect to the 
document. For example, the security controls may be 
used in combination with information regarding the state 
of the document and the role of the user to identify that 
a user should be given access to the working copy 
document and should have the capability to check-out the 
working copy of the document for revision. 

Prior to explaining the details of the 
invention, it is useful to provide a description of a 
suitable exemplary environment in which the invention may 
be implemented . 

8 
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EXEMPLARY OPERATING ENVIRONMENT 
1. A Computer Environment 

Figure 1 and the following discussion are 
intended to provide a brief general description of a 
5 suitable computing environment in which the invention may 
be implemented. Although not required, the invention 
will be described in the general context of 
computer-executable instructions, such as program 
modules, being executed by a computer, such as a 

10 workstation or server. Generally, program modules 

include routines, programs, objects, components, data 
structures and the like that perform particular tasks or 
implement particular abstract data types. Moreover, 
those skilled in the art will appreciate that the 

15 invention may be practiced with other computer system 
configurations, including hand-held devices, 
multi -processor systems, microprocessor-based or 
programmable consumer electronics, network PCS, 
minicomputers, mainframe computers and the like. The 

20 invention may also be practiced in distributed computing 
environments where tasks are performed by remote 
processing devices that are linked through a 
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communications network. In a distributed computing 
environment, program modules may be located in both local 
and remote memory storage devices. 

With reference to Figure 1, an exemplary system 
for implementing the invention includes a general purpose 
computing device in the form of a conventional personal 
computer 2 0 or the like, including a processing unit 21, 
a system memory 22, and a system bus 23 that couples 
various system components including the system memory to 
the processing unit 21. The system bus 23 may be any of 
several types of bus structures including a memory bus or 
memory controller, a peripheral bus, and a local bus 
using any of a variety of bus architectures. The system 
memory includes read-only memory (ROM) 24 and random 
access memory (RAM) 25. A basic input /output system 26 
(BIOS) , containing the basic routines that help to 
transfer information between elements within the personal 
computer 20, such as during start-up, is stored in ROM 
24. The personal computer 20 may further include a hard 
disk drive 2 7 for reading from and writing to a hard 
disk, not shown, a magnetic disk drive 2 8 for reading 
from or writing to a removable magnetic disk 29, and an 
optical disk drive 3 0 for reading from or writing to a 
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removable optical disk 31 such as a CD-ROM or other 
optical media. The hard disk drive 27, magnetic disk 
drive 28, and optical disk drive 3 0 are connected to the 
system bus 23 by a hard disk drive interface 32, a 
magnetic disk drive interface 33, and an optical drive 
interface 34, respectively. The drives and their 
associated computer-readable media provide non-volatile 
storage of computer readable instructions, data 
structures, program modules and other data for the 
personal computer 20. Although the exemplary environment 
described herein employs a hard disk, a removable 
magnetic disk 2 9 and a removable optical disk 31, it 
should be appreciated by those skilled in the art that 
other types of computer readable media which can store 
data that is accessible by a computer, such as magnetic 
cassettes, flash memory cards, digital video disks, 
Bernoulli cartridges, random access memories (RAMs) , 
read-only memories (ROMs) and the like may also be used 
in the exemplary operating environment. Further, as used 
herein, the term ''computer readable medium'' includes one 
or more instances of a media type (e.g., one or more 
floppy disks, one or more CD-ROMs, etc.). 

A number of program modules may be stored on 

11 
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the hard disk, magnetic disk 29, optical disk 31, ROM 24 
or RAM 25, including an operating system 35, one or more 
application programs 36, other program modules 37 and 
program data 38. A user may enter commands and 
information into the personal computer 2 0 through input 
devices such as a keyboard 40 and pointing device^42. 
Other input devices (not shown) may include a microphone, 
joystick, game pad, satellite disk, scanner or the like. 
These and other input devices are often connected to the 
processing unit 21 through a serial port interface 4 6 
that is coupled to the system bus, but may be connected 
by other interfaces, such as a parallel port, game port 
or universal serial bus (USB) . A monitor 47 or other 
type of display device is also connected to the system 
bus 23 via an interface, such as a video adapter 48, In 
addition to the monitor 47, personal computers typically 
include other peripheral output devices (not shown) , such 
as speakers and printers . 

The personal computer 2 0 may operate in a 
networked environment using logical connections to one or 
more remote computers, such as a remote computer 49. The 
remote computer 49 may be another personal computer, a 
server, a router, a network PC, a peer device or other 

12 
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common network node, and typically includes many or all 
of the elements described above relative to the personal 
computer 20, although only a memory storage device 5 0 has 
been illustrated in Figure 1. The logical connections 
depicted in Figure 1 include a local area network (LAN) 
51 and a wide area network (WAN) 52. Such networking 
environments are commonplace in offices, enterprise -wide 
computer networks. Intranets and the Internet. 

When used in a LAN networking environment, the 
personal computer 2 0 is connected to the local network 51 
through a network interface or adapter 53 . When used in 
a WAN networking environment, the personal computer 2 0 
typically includes a modem 54 or other means for 
establishing communications over the wide area network 
52, such as the Internet. The modem 54, which may be 
internal or external, is connected to the system bus 23 
via the serial port interface 46. In a networked 
environment, program modules depicted relative to the 
personal computer 20, or portions thereof, may be stored 
in the remote memory storage device. It will be 
appreciated that the network connections shown are 
exemplary and other means of establishing a 
communications link between the computers may be used. 

13 
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2 . A Network Environment 

Figure 2 illustrates an exemplary network 
environment in which the present invention may be 
employed. Of course, actual network environments can be 
5 arranged in a variety of configurations; however, the 

exemplary environment shown here provides a framework for 
understanding the type of environment in which the 
present invention operates. 

The network may include client computers 20a, 

10 server computer 2 0b, and data source computers 2 0c. 

Client computers 2 0a and data source computers 2 0c are in 
electronic communication with the server computer 2 0b via 
communications network 80 which may be, for example, the 
Internet, Client computers 20a and data source computers 

15 20c are connected to the communications network by way of 
communications interfaces 82, Client computers 20a, data 
source computers 2 0c, and server computers 2 0a are 
computing systems such as, for example, the computer 
system described above with reference to Figure 1. 

20 Communications interfaces 82 can be any one of the well- 
known communications interfaces such as Ethernet 
connections, modem connections, and so on. 

Server computer 2 0b comprises server software 

14 
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that operates as described in detail below to control 
access to documents that are undergoing revision in a 
publishing workflow. The electronic documents that are 
under control of the server software may be located on 
5 server computer 20b, client computer 20a, or data source 
2 0c. Client computers 2 0a can access server computer 2 0b 
via communications network 80 to access documents which 
are being routed through a workflow and which are under 
control of server computer 2 0b, 

10 As will be readily understood by those skilled 

in the art of computer network systems, and others, the 
system illustrated in FIGURE 2 is exemplary, and 
alternative configurations may also be used in accordance 
with the invention. For example, server computer 2 0b may 

15 comprise a plurality of computing devices. Additionally, 
the client computer 20a and server computer 20b may be 
the same physical device. As discussed above, the client 
computer 2 0a and the server computer 2 0b may communicate 
through any type of communication network or 

20 communications medium, 

DETAILED DESCRIPTION OF SYSTEM AND METHOD FOR DOCUMENT 
ISOLATION 



15 
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Figure 3 is a diagram of software modules of 
server software 100 that operate on server computer 20b 
in accordance with aspects of the invention. As shown, 
server software 100 comprises distributed authoring and 
5 versioning (DAV) server 110, publishing engine 112, 

security manager 114, versioning manager 116, and store 
area 118. 

Store area 118 operates as a repository for 
information objects such as folders, documents, and role 

10 memberships as defined on the folders and documents. If, 
upon receipt of a request for a document, the requesting 
user has the appropriate permissions, store area 118 is 
accessed in order to retrieve the requested document. 

DAV server 110 receives requests formatted 

15 according to the DAV standard and forwards the requests 
to the appropriate system software component . DAV server 
is operable to field requests that are formatted to take 
advantage of the publishing capabilities of the system as 
well as those that do not. 

20 Publishing engine 112 provides the capability 

to create and maintain workflows. When a document is 
placed in a workflow, publishing engine 112 provides for 
routing the document to the appropriate persons in the 

16 
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workflow template. 

Versioning manager 114 operates to create ^ 
maintain, and track versions of documents. During the 
period that a document is undergoing a publishing 
5 workflow, numerous versions of a document may be created. 
Versioning manager 114 controls the versioning during the 
publishing process. 

Security manager 116 provides for the creation, 
maintenance, and enforcement of restrictions on 

10 performing publishing operations. Thus, when it is 

desired to create a new publishing operation and define 
which roles may have access to them, security manager 116 
provides the needed functionality. Furthermore, when a 
request to perform a publishing operation is received, 

15 security manager 116 determines whether the particular 
user has been granted permissions to the operation. 

Generally, workflow templates may be used in 
the publishing environment to insure that a new document 
or a revision to an existing document is subject to a 

20 standard review procedure before it becomes generally 
available. For example, a manager of a testing 
department may desire to establish a document publishing 
workflow through which all test -plan documents must pass 

17 
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prior to being made generally available. During the 
period that a new document or a revision to a document is 
undergoing editing and approval in the workflow template, 
those users that are not involved with the approval 
process should have access to the base document while 
those persons involved with the approval process should 
be directed to the latest version of the revised 
document. According to an aspect of the invention, 
access to the base document as well as any versions that 
may be created during a publishing workflow are 
controlled by placing read/write security controls on the 
documents. Similarly, permissions to perform a 
publishing operation are identified through security 
controls on the base document. 

Figure 4 illustrates an exemplary publishing 
workflow that may be implemented using systems and 
methods in accordance with the present invention. The 
workflow can be thought of as encompassing various stages 
or "states" through which a document passes. According 
to an aspect of the present invention, the version of the 
document that a user may access as well as the operations 
that the user may perform on a document while it is in a 
particular ''state'' is limited by the role that a user has 

18 
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been granted. 

According to the publishing workflow template 
illustrated in Figure 4, initially a document can be 
thought of as existing in a ''create" state 220. While a 
document is in create state 220, a user, who may be 
referred to as the document owner, can checkout and 
revise a document. As noted in Figure 4, while the 
document is in create state 22 0, users that have been 
assigned roles applicable to the workflow, which in this 
example include reviewer and approver roles, do not have 
privileges to perform specialized publication operations 
on the document. When a document is checked~out by the - 
owner during create state 22 0, users other than the 
owner, referred to collectively as ''public users," cannot 
view the checked-out version of the document. If a 
public user attempts to access the document while it is 
checked-out, the user is redirected to the version of the 
document that existed prior to the document having been 
checked-out . 

While in create state 220, when the owner 
checks- in the document, a publishing workflow is invoked 
and the revised document enters "in- review" state 222 . 
While a document is in in-review state 222, the document 

19 
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owner as well as users that have been assigned the 
reviewer role may check-out the document for editing. In 
contrast, users that have been assigned the approver role 
may not check-out a document while it is in in-review 
state 222. Public users may not even see the new 
document but rather will be referred to the version of 
the document that existed prior to the owner checking-out 
the document. When all of the users with the reviewer 
role have accessed the document, the document is 
forwarded to "in-approval" state 226. 

While a document is in "in-approval" state 
22 6, users that have been assigned the approver role can 
check-out the document to review the document and, if 
appropriate, upon checking-in the document, acknowledge 
their approval of the document. The document owner and 
users that have been assigned the reviewer role do not 
have the capability to check-out the document while it is 
in-approval state 226. Public users do not even see the 
revised document but rather are referred to the version 
of the document that existed prior to the owner checking- 
out the document . 

When all of the users with the approver role 
have accessed the document, the document leaves the 
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publishing workflow and enters ''approved" state 228. In 
approved state 228, the public can access the revised and 
approved document. Users assigned the reviewer and 
approver roles have no special privileges once the 
document has been approved and has left the publishing 
workflow. The approved document may, thereafter, enter 
the create state 22 0 upon being checked out and revised. 

According to an aspect of the present 
invention, during the period that a document is in a 
publishing workflow, the system maintains a working copy 
document corresponding to the base document . Several 
versions of the working copy document may be created over 
the course of the publishing workflow. Users are 
selectively directed to the appropriate version of the 
document as specified by the workflow. Further, users 
are selectively granted the capability to perform 
publishing operations on the document undergoing a 
publishing workflow. 

Generally, access to documents and publishing 
operations that may be performed on those documents is 
controlled using security controls. For each base 
document there is defined a security descriptor and a 
publishing operation access control list (ACL) . 
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Generally, the security descriptor defines who may read 
and write to the document. The security descriptor plays 
an essential part in identifying to which version of a 
document a user should be directed. In particular, users 
5 are directed to the most recent version of a document to 
which they have been granted read access. For example, 
the security descriptors on a base document are evaluated 
in light of the publishing state the document is 
currently in and the user's role to determine if the user 

10 has access to the document at all, and, if so, whether 
the user should be directed to the base document or 
whether the user should be directed to the working copy 
document. Thus, it is possible to identify that the 
general public have read access to a base document while 

15 users that have been assigned the editor role are 
directed to the working copy document . 

The security controls of the present invention 
further comprise a publishing operation access control 
list (ACL) . Generally, the publishing operation ACL's, 

20 which are described in detail below, are maintained for 
each base document. A publishing operation ACL defines 
the publishing operations that may be performed on the 
document, including working copies, by users that have 
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been assigned specific roles. Thus, upon receipt of a 
request to perform a publishing operation on a document, 
the requesting user's roles are evaluated against the 
publishing operation ACL that is associated with the base 
document. The requestor is permitted to perform 
publishing operations on the document to the extent his 
or her roles have been granted privileges to the 
document. For example, if a user is interested in 
performing a check-out operation, he or she issues a 
check-out command on the base document. The publishing 
operation ACL associated with the base document is 
referenced to determine whether the user's roles have 
been granted the privilege to check-out. If so, a new 
version of the working copy of the document is created 
and the access control list associated with the base 
document is modified to identify that only that 
particular user has privileges to perform a check- in 
operation. 

Figure 5 is a table illustrating values for the 
security controls, including security descriptors and 
publishing operation ACL's, that are maintained for an 
exemplary document entitled ''foo.doc'' as the document 
moves through the various states in the publishing 
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workflow described above in connection with Figure 4. As 
shown, the table comprises the following columns: 
role/user column 510 which identifies a user or role; 
file column 512 which identifies the name of a file to 
which the user or role of column 510 has access; 
publishing operation column 514 which corresponds to the 
publishing operation ACL on the base document and which 
identifies the publishing operation, if any, that the 
role or user of column 510 may perform on the file of 
column 512; read write column 516 which corresponds to 
information contained in the security descriptor for the 
document identified in column 512 and which identifies 
whether the user or role identified in column 510 has 
read or write privileges to the file identified in column 
512; public folder column 518 which identifies that the 
file listed therein may be accessed by the general 
public; working folder column 520 which identifies that 
the file listed therein resulted from the operation of 
the publishing workflow and access to the document is 
restricted; and operation performed column 522 which 
identifies the operations that are performed as a 
document progresses through a document publishing 
workflow. The various states (create 220, in-review 222, 

24 
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in-approve 224, and approved 228) that are represented in 
Figure 4 are similarly identified in Figure 5. 

As shown, in create state 220, the document 
foo.doc is generally accessible to the public, as 
5 designated in column 516, and may be checked-out by 
members of the public to revise the document, as 
designated in column 514. If a check-out operation is 
performed by a member of the public, a new working copy 
document, foo_l.doc, is created and maintained separate 

10 from the base document foo.doc. The user that checks-out 
the document is considered to be the ''owner" of the 
document. The security descriptor associated with 
foo_l.doc is set to indicate, as reflected in column 516, 
that the owner has read and write privileges. It should 

15 be noted that members of the public do not have access to 
the new working copy of the document f oo_l . doc and in 
fact, do not have access to any of the subsequent 
versions until the publishing workflow is complete. 
Indeed, public users that are not involved with the 

20 publishing workflow are directed to foo.doc until the 
workflow is complete and a new public document is 
created. The publishing operation ACL associated with the 
base document, foo.doc, is updated, as reflected in 
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column 514, to indicate that the owner may perform a 
check- in operation. 

When the owner performs the check- in operation, 
the "in-review" state of the publishing workflow template 
is entered and a new version of the working copy document 
entitled foo_2.doc is created. The security descriptor 
associated with foo_2.doc is created, as reflected in 
column 516, to identify that the document owner and those 
users with the reviewer role may view the newly created 
foo_2.doc. The public, however, continues to be directed 
to foo.doc and does not even see foo_2.doc. Further, as 
represented in column 514, the publishing operation ACL 
associated with the base document, foo.doc, is updated to 
indicate that the owner and users assigned the reviewer 
role have permissions to perform check-out operations. 

When a user with the reviewer role performs a 
check-out operation on foo_2.doc, a new version of 
working copy document, foo_2wc.doc, is created. The 
security descriptor associated with foo_2wc.doc is 
updated, as reflected in column 516, to identify that the 
reviewer who checked out foo__2-doc has read and write 
privileges to foo_2wc.doc. Accordingly, when the reviewer 
accesses foo.doc, he or she is directed to foo_2wc.doc. 
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The document owner meanwhile, continues to be directed to 
foo_2.doc. Further, as represented in column 514, the 
publishing operation ACL associated with the base 
document, foo.doc, is updated to indicate that the 
reviewer has permissions to perform check- in operations 
while the owner has no permissions. 

When the reviewer has finished editing 
foo_2wc.doc and performs a check-in operation, in-approve 
state 226 is entered and a new document, foo_3,doc, is 
created. The security descriptor related to foo_3.doc 
identifies that the owner, users with the reviewer role, 
and users with the approver role may view the new 
document. Accordingly, if the owner or users with either 
the reviewer or approver role were to request access to 
foo.doc, they will be directed to foo_3,doc. The 
publishing operation ACL associated with base document, 
foo.doc, is updated to indicate that users with the 
approver role may perform a check-out operation. Users 
with the reviewer role no longer have permissions to 
perform check-in operations. 

When a user with the approve role performs a 
check-out operation on foo_3.doc, a new version of the 
working copy document, foo_3wc.doc, is created. As 
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reflected in column 516, the approver who checked out the 
document has permissions to read and write to foo_3wc.doc 
and will automatically be routed to that version when he 
or she accesses foo.doc. The security descriptors 
indicate that the document owner and users with the 
reviewer role may access foo_3.doc but not foo_3wc.doc. 
As designated in column 514, the publishing operation ACL 
associated with the base document indicates that the user 
with the approver role that checked out the document has 
permissions to perform a check- in operation. The 
document owner and users with the reviewer role do not 
have permissions to perform publishing operations. 

As shown, when the user with the approver role 
performs a check- in, or approve operation, the publishing 
workflow is complete and approved state 22 8 is entered. 
Upon the check- in operation being performed, a new 
version of the document, foo_4.doc, is created. Indeed, 
in a preferred embodiment, the base document is 
overwritten by foo_4.doc. As indicated in column 516, 
foo_4.doc is available to the public. This is in 
contrast to the situation at the beginning of the 
workflow wherein the public is directed to the document 
f oo . doc . 

28 
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As the preceding example illustrates, during 
the period that a document is undergoing revision in a 
publishing workflow, a separate copy of the base 
document, the working copy document, is maintained. 
Thus, the base document is isolated from the several 
versions of the working copy document that are created. 
Security controls are placed on the base document to 
identify which document a user may access as well as to 
identify the operations users may perform on those 
documents. Specifically, security descriptors are 
defined for each document and identify which users have 
read and write access to the documents. The security 
descriptor information is used to resolve which document, 
either base or working copy, a user is directed to upon 
receipt of a request to access the document. 
Furthermore, publishing operation ACL's are defined for 
each base document and identify which publishing 
operations, for example, check-out and check- in, a user 
may perform. 

Figure 6 is a flow diagram of a process for 
handling user requests to access a document. As shown, 
at step 610, a request to view a document is received. 
At step 612, the security descriptor on the base document 
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is evaluated to determine whether the user or the user's 
role has read access to the document. If not, at step 
614 the user is denied access to the document. At step 
616 the security descriptor on the base document is 
evaluated in light of the user's role and the publishing 
state in which the document is located to determine if 
the user should be directed to the base document or the 
working copy document. If the user or user's role should 
not have access to the working copy as defined by the 
publishing model state, at step 618, the base document is 
returned to the user. If the user or user's role should 
have access to the working copy as defined by the 
publishing model state in which the document is located, 
at step 62 0, the most recent version of the working copy 
document is returned to the user. 

Figure 7 provides an overview of the process 
for handling user requests to perform a publishing 
operation on a document undergoing revision in a document 
workflow. As shown, at step 710, a request is received 
to perform a publishing operation such as, for example a 
check-out operation. At step 712, it is resolved whether 
the user has permission to perform the requested 
operation on the document. The process for making this 
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determination is described below in detail with reference 
to Figure 8. Generally, however, the resolution is made 
by comparing the requesting user's roles with the 
publishing operation ACL stored in relation with the base 
document . 

If at step 712, it is determined that the user 
does not have permissions to perform the desired 
operation, at step 714, permission is denied. If 
however, the user does have permission, at step 716 a new 
working copy of the document is created. The security 
descriptor for the new document is created so as to 
designate that the appropriate parties have access to the 
document. For example, if the user is performing a 
check-out operation, which causes a new working copy 
document to be generated, the security descriptor 
identifies that the party checking out the document has 
read and write privileges to the document. At step 718, 
the publishing operation ACL on the base document is 
updated to correspond to the changed status of the 
document. For example, if the user has requested to 
check-out the document and a new working copy of the 
document has been created, the publishing operation ACL 
associated with the base document is updated to indicated 



150708 .1 
MSFT-0178 

that only the user who has checked out the document has 
permissions to perform a check- in operation on the 
document. Thereafter, at step 72 0, the user is given 
access to the document and the means to perform the 
requested operation. 

Figure 8 provides a flow chart illustrating the 
process for resolving whether a user should be granted 
permission to perform a publishing operation on a 
document. As shown, at step 810, the roles that have 
been assigned to the user are identified. At step 812, 
the set of roles that have been assigned to the user are 
compared to the list of role privileges within the 
publishing operation ACL that is associated with the base 
document. If at step 814, one or more of the user's 
assigned roles have been granted permission to perform 
the desired operation, at step 816, it is resolved to 
grant permission to perform the operation. If at step 
814, however, none of the user's assigned roles have been 
granted permission to perform the desired operation, at 
step 818, it is resolved to deny permission to perform 
the operation. 

As illustrated by the flow diagrams of Figures 
6, 7, and 8, access to documents and document publishing 
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operations is controlled through the security descriptors 
and publishing operation ACL's that are maintained by the 
system. Security descriptors identify the users that 
have read and write access to the document . The 
5 publishing operation ACL's identify the publishing 
operations that users may perform. 

Figure 9 provides an illustrative example of 
the component parts of a security descriptor for use in 
the present invention. As shown, a security descriptor 

10 comprises owner identifier 910 and a discretionary access 
control list (DACL) 912. Owner identifier 910 identifies 
the user who created the document. DACL 912 comprises a 
series of structures, which might be referred to as 
access control entry (ACE) structures, wherein each 

15 structure comprises an access allowed/denied identifier 
914, and a security identifier (SID) 916. SID 916 
uniquely identifies a user or role. Access 
allowed/denied identifier 914 specifies whether the user 
or role identified by SID 916 has read or write access to 

20 the particular document. As shown, DACL 912 may comprise 
a plurality of entries. 

As described above in relation to Figure 5, the 
documents which a user has permission to access changes 
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as a document proceeds through a workflow. The security 
descriptors related to the documents are modified as 
appropriate to institute and enforce these changes. 
Further, when a request is received to access a document, 
the appropriate document to which the user should be 
directed is resolved using the security descriptors. 

Figure 10 provides an illustrative example of 
the component parts of a publishing operation ACL for use 
in the present invention. As shown, a publishing 
operation ACL comprises a list of structures 1010, 
wherein each structure comprises a global level unique 
identifier (GUID) 1012, a unique security identifier 
(SID) 1014, and an access allowed/denied identifier 1016. 
In one embodiment, structures 1010 may be referred to as 
ACE'S, although the ACE's have been extended from those 
defined for DACL's 912. GUID 1012 identifies a 
publishing operation and SID 1014 identifies a role or 
user that has access to the publishing operation 
identified by GUID 1012. In one embodiment, GUID 1012 is 
a one-to-one mapping with a unique 128 bit number and an 
associated operation. 

As described above in relation to Figure 5, as 
a document proceeds through a workflow, the operations 
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that a user or role can perform on the document change . 
Publishing operation ACL's are modified as appropriate to 
institute and enforce these changes. Further, upon 
receipt of a request to perform a publishing operation, 
5 the publishing operation ACL's are referenced to 
determine whether to permit or deny access to the 
requested operation. 

According to an aspect of the invention, the 
systems and methods are extensible to accommodate new 

10 user-defined publishing workflows, new user-defined 

publishing operations, and new user-defined roles. Thus, 
when a new publishing operation is created, it is 
assigned a new GUID 1012. Similarly, when a new role is 
created, it is assigned a new SID 1014. User-defined 

15 QUID'S and SID's may be added to a publishing operation 
ACL to enforce the restrictions instituted in a new 
workflow template as described above. 

Thus, the present invention provides systems 
and methods for providing document isolation in a 

20 workflow environment. According to an aspect of the 

invention, when a revision is made to a document and the 
revision placed in a publishing workflow, a separate 
^'working" copy of the original or ''base'' document is 
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generated. As the document moves through the workflow, 
new versions of the "working'' copy document may also be 
generated. Security controls, which define who may 
access the original document as well as any versions of 
the working copy document, are defined and stored in 
relation to the documents. The security controls 
further define the types of actions users may take with 
respect to the document. Thus, the invention provides 
for systems and methods that reliably control access to 
documents and that are extensible to accommodate user- 
defined workflows. These aspects of the invention 
provide that the base document may be made available to 
users to view, even while a revision of the document is 
being approved in a publishing workflow. 

Those skilled in the art understand that 
computer readable instructions for performing the above 
described processes can be generated and stored on a 
computer readable medium such as a magnetic disk or CD- 
ROM. Further, a computer such as that described with 
reference to Figure 1 may be arranged with other 
similarly equipped computers in a network, and each 
computer may be loaded with computer readable 
instructions for performing the above described 
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processes. Specifically; referring to Figure 1, 
microprocessor 21 may be programmed to operate in 
accordance with the above-described processes. 

While the invention has been described and 
illustrated with reference to specific embodiments, those 
skilled in the art will recognize that modification and 
variations may be made without departing from the 
principles of the invention as described above and set 
forth in the following claims. In particular, while the 
invention has been described with respect to limiting 
access to documents, the invention may be employed to 
control access to virtually any type of data object 
including folders. Further, while the invention has been 
described in the context of a publishing environment, the 
inventions may apply to other environments as well. 
Accordingly, reference should be made to the appended 
claims as indicating the scope of the invention. 
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CLAIMS 

What is claimed is: 

1, A computer- implemented method for controling 

access to documents during a workflow, comprising: 
5 upon entry of a base document into a workflow, 

creating a working copy of the base document; 

selectively providing a user access to either the 
base document or the working copy of the base document 
depending upon the identity of a user; and 
10 selectively providing access to perform 

operations on the working copy of the base document 
depending upon the identity of a user. 



2. The method of claim 1, further comprising: 

15 storing access control list data in relation to 

the base document, the access control list data defining 

access controls on performing operations of the working 

copy of the base document; and 

storing security descriptor data in relation to 
2 0 the base document and the working copy of the base 
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document, the security descriptor data defining access 
controls on reading the base document and the working copy 
of the base document . 

5 3. The method of claim 2, wherein the step of 

selectively providing access to perform operations on the 
working copy of the base document depending upon the 
identity of a user, further comprises: 

determining using the access control list data 
10 stored in relation to the base document that a user has 
permission to perform an operation on the copy of the base 
document ; and 

allowing the user to perform the operation on the 
copy of the base document . 

15 

4. The method of claim 2, wherein the step of 

selectively providing access to perform operations on the 
working copy of the base document depending upon the 
identity of a user, further comprises: 
20 determining using the access control list data 

stored in relation to the base document that a user does 
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not have permission to perform an operation on the copy of 
the base document; and 

denying the user access to perform the operation 
on the copy of the base document . 

5 

5. The method of claim 2, wherein the access control 

list data comprises information identifying for each of a 
plurality of operations, the set of users that have 
permission to perform the operation, and said act of 

10 selectively providing access to perform operations on the 
working copy of the base document depending upon the 
identity of a user, further comprises: 

referencing the information identifying for each 
of a plurality of operations, the set of users that have 

15 permission to perform the operation; and 

if the user is in the set of users that have 
permission to perform the operation, providing access to 
the operation. 

20 6- The method of claim 2, wherein the access control 

list data comprises information identifying for each of a 
plurality of operations, the set of users that have 
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permission to perform the operation, and said act of 
selectively providing access to perform operations on the 
working copy of the base document depending upon the 
identity of a user, further comprises: 
5 referencing the information identifying for each 

of a plurality of operations, the set of users that have 
permission to perform the operation; and 

if the user is not in the set of users that have 
permission to perform the operation, denying access to the 
10 operation. 



7. The method of claim 5, wherein the set of users 

are defined in terms of the roles that have permission to 
perform the operation, and said act of referencing the 

15 information identifying for each of a plurality of 
operations, the set of users that have permission to 
perform the operation, further comprises: 

resolving for the user the set of roles to which 
the user has been assigned; and 

2 0 determining using the set of roles to which the 

user has been assigned and the set of users defined in 
terms of the roles that have permission to perform the 
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operation, whether the user has permission to perform the 
requested operation. 

8. The method of claim 2, wherein the step of 

5 selectively providing a user access to either the base 
document or the working copy of the base document depending 
upon the identity of a user, further comprises: 

determining using the security descriptor data 
stored in relation to the base document and the working 
10 copy document, that a user has permission to read the 
working copy of the base document ; and 

providing the user access to the working copy of 
the base document , 

15 9. The method of claim 2, wherein the step of 

selectively providing a user access to either the base 
document or the working copy of the base document depending 
upon the identity of a user, further comprises: 

determining using the security descriptor data 

20 stored in relation to the base document and the working 
copy document, that a user does not have permission to read 
the working copy of the base document; and 
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denying the user access to the base document. 

10. The method of claim 2, wherein the security 
descriptor data comprises information identifying the set 

5 of users that have permission to read each of the base 
document and the working copy of the base document, and 
said act of selectively providing access to either the base 
document or the working copy of the base documents 
depending on the identity of the user, further comprises: 

10 referencing the information identifying the set 

of users that have permission to read each of the base 
document and the working copy of the base document; and 

if the user is in the set of users that have 
permission to read the working copy of the base document, 

15 providing access to the working copy of the base document . 

11. The method of claim 10, wherein the set of users 
are defined in terms of the roles that have permission to 
read each of the base document and the working copy of the 

20 base document, and said act of referencing the information 
identifying the set of users that have permission to read 
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each of the base document and the working copy of the base 
document , further comprises : 

resolving for the user the set of roles to which 
the user has been assigned; and 
5 determining using the set of roles to which the 

user has been assigned and the set of user defined in terms 
of the roles that have permission to read each of the base 
document and the working copy of the base document, whether 
the user has permission to read the base document or the 
10 working copy of the base document. 



12. A computer-readable media having stored thereon 
computer -executable instructions for performing the steps 
recited in claim 1. 

15 

13 . A system for providing document isolation in a 
workflow environment, comprising: 

a processor, wherein said processor is operable 
to execute instructions for performing the following acts: 
2 0 maintaining for a base document undergoing a 

publishing workflow, a copy of the base document; 
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maintaining access control data in relation to 
the base document and the copy of the base document; and 

determining based on the access control data, 
whether a user may access the base document or the copy of 
5 the base document . 

14. The system of claim 13, wherein the access 
control data comprises security descriptor data identifying 
the set of users that have permission to read the base 

10 document and the copy of the base document , 

15. The system of claim 14, wherein said processor is 
operable to execute instructions for performing the 
following further acts: 

15 referencing the security descriptor data; and 

determining that a user should be directed to the 
copy of the base document based on the security descriptor 
data . 

20 16. The system of claim 15, wherein the security 

descriptor data identifies a set of roles corresponding to 
the set of users that have permission to read the base 
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document and the copy of the base document, and wherein 
said processor is operable to execute instructions for 
performing the further act of determining the set of roles 
that a user has been assigned. 

5 

17. The system of claim 13, wherein the access 
control data comprises access control list data identifying 
the set of users that have permission to perform operations 
on the copy of the base document . 

10 

18. The system of claim 17, wherein said processor is 
operable to execute instructions for performing the 
following further acts: 

referencing the access control list data; and 
15 determining that a user should be allowed to 

perform an operation on the copy of the base document based 
on the access control list data. 

19. The system of claim 18, wherein the access 
20 control list data identifies a set of roles corresponding 

to the set of users that have permission to perform 
operations on the copy of the base document, and wherein 
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said processor is operable to execute instructions for 
performing the further act of determining the set of roles 
that a user has been assigned. 



5 20. A method of updating access controls to reflect 

the addition of a new operation that may be performed on a 
copy of a base document, in a system wherein access to 
operations to be performed on a copy of the base document 
are controled using an access control list which identifies 
10 the operations that may be performed and the roles that a 
user must have to access those operations, comprising: 

assigning a unique identifier to the new 

operation; 

updating the access control list to include an 
15 entry for the unique identifier for the new operations- 
updating the access control list to include an 

entry identifying the roles that have access to the new 

operation . 
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ABSTRACT OF THE INVENTION 

A computer based system and method of providing 
document isolation during routing of a document through a 
workflow is disclosed. The method comprises maintaining 
5 a separate "working'' copy of the original base document 
while the document is routed through a workflow. Access 
controls, which define who may access the original 
document as well as any versions of the working copy 
document, are defined and stored in relation to the 

10 documents. The access controls further define the types 
of actions users may take with respect to the document. 
Users are selectively directed to the appropriate 
document, either the base document or working copy, and 
selectively granted permission to perform publishing 

15 operations on the working copy document, as determined by 
the access controls. 
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IN THE UNITED STATES PATENT AND TRADEMARK OFFICE 
In Re Application of: 

Tanmoy Dutta, Alexander Balikov, 

Himani Naresh Group Art Unit: Not Yet Assigned 

Examiner: Not Yet Assigned 
For: SYSTEM AND METHOD FOR DOCUMENT ISOLATION 

DECLARATION AND POWER OF ATTORNEY 

As a below named inventor, I hereby declare that: 

My residence, post office address and citizenship are as stated below next to my name; 
and 

I believe that I am the original, first and sole inventor (if only one name is listed below) 
or an original, first and joint inventor (if plural names are Usted below) of the subject 
matter which is claimed and for which a 

[X] Utility Patent □ Design Patent 

is sought on the invention, whose title appears above, the specification of which: 

E] is attached hereto. 

□ was filed on as Serial No. . 

□ said application having been amended on . 

I hereby state that I have reviewed and understand the contents of the above-identified 
specification, including the claims, as amended by any amendment referred to above. 

I acknowledge the duty to disclose to the U.S. Patent and Trademark Office all 
information known to be material to the patentabiHty of this application in accordance 
with 37 C.F.R. §1.56. 

I hereby claim foreign priority benefits under 35 U.S.C. §119(a-d) of any foreign 
application(s) for patent or inventor's certificate hsted below and have also identified 
below any foreign application for patent or inventor's certificate having a filing date 
before that of any apphcation on which priority is claimed. 
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Priority Country Serial Number Date Filed 

Claimed 

(IfX'd) 



None 



I hereby claim the benefit under 35 U.S.C. §120 of any United States application(s) 

Hsted below and, insofar as the subject matter of each of the claims of this appUcation is 
not disclosed in the prior United States application in the manner provided by the first 
paragraph of 35 U.S.C. §112, 1 acknowledge the duty to disclose to the U.S. Patent and 
Trademark Office all information known to be material to patentabihty as defined in 37 
C.F.R. §1.56 which became available between the filing date of the prior application and 
the national or PCT international filing date of this application. 

Serial Number Date Filed Patented/Pending/ Abandoned 

None 



I hereby claim the benefit under 35 U.S.C. §1 19(e) of any United States provisional 
application(s) hsted below: 

Serial Number Date Filed 

None 



I hereby appoint the following persons as attomey(s) and/or agent(s) to prosecute this 
application and to transact all business in the Patent and Trademark Office connected 
therewith: 
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Katie E. Sako Registration No. 32,628 
Daniel D. Crouse Registration No. 32,022 
of MICROSOFT CORPORATION, One Microsoft Way, Redmond, WA 98052 and 
Steven J. Rocci Registration No. 30,489 
John E. McGlynn Registration No. 42,863 

of WOODCOCK WASHBURN KURTZ MACKIEWICZ & NORRIS LLP, One 

Liberty Place - 46* Floor, Philadelphia, Pennsylvania 19103. 

Please address all telephone calls and correspondence to: 
John E. McGIynn 

WOODCOCK WASHBURN KURTZ 
MACKIEWICZ & NORRIS LLP 

One Liberty Place - 46* Floor 
Philadelphia, PA 19103 
Telephone: (215) 568-3100 

I hereby declare that all statements made herein of my own knowledge are true and that 
all statements made on information and behef are beUeved to be true; and further that 
these statements were made with the knowledge that willful false statements and the like 
so made are punishable by fine or imprisonment, or both, under Section 1001 of Title 18 
of the United States Code and that such willful false statements may jeopardize the 
vahdity of the appUcation or any patent issued thereon. 



Name: 

Tanmoy Dutta 


n 

Sienature: 


Date of Signature: ^ J^y^ 2«>oo 
Citizenshio: U.S.A. 


Mailing Address: 

23224 NE 21'' Place 


City/State of Actual Residence 

Redmond, WA 98053 
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Name: 

Alexander Balikov 

Mailing Address: 

3842 167'^ Place NE, Apt. K2032 
City/State of Actual Residence 

Redmond, WA 98052 



Name: 

Himani Naresh 


Signat«rer4{MY«\A^ Y^CMl2ZiAAj> 
Date of Signature: (j> j2^] OO 
Citizenshio: U.S.A. 


Mailing Address: 

16417 NE 16* Place 


City/State of Actual Residence 

Bellevue, WA 98008 
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Signature: 




Date of Signature: Q) | 1 I ^j) 
Citizenship: U.S.A. 
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IN THE UNITED STATES PATENT AND TRADEMARK OFFICE 



In Re Application of: 

Tanmoy Dutta, Alexander Balikov, 
Himani Naresh 

Serial No.: Not Yet Assigned 

Filed: Herewith 

For: SYSTEM AND METHOD FOR 
DOCUMENT ISOLATION 



Group Art Unit: Not Yet Assigned 
Examiner: Not Yet Assigned 



Assistant Commissioner for Patents 
Washington DC 20231 



Sir: 



ASSOCIATE POWER OF ATTORNEY 



The undersigned, of the firm WOODCOCK WASHBURN KURTZ 
MACKIEWICZ & NORRIS LLP, One Liberty Place - 46th Floor, Philadelphia, Pennsylvania 
19103, Attorney and/or Agents for AppUcant(s), hereby appoints the following: 



Robert B. Washburn 
Richard E. Kurtz 
John J. Mackiewicz 
Norman L. Norris 
Dale M. Heist 
John W. Caldwell 
Gary H. Levin 
Steven J. Rocci 
Dianne B. Elderkin 
Francis A. Paintin 
John P. Donohue, Jr. 
Henrik D. Parker 
Suzanne E. Miller 
Lynn B. Morreale 
Mark DeLuca 
Joseph Lucci 
Michael P. Dunnam 
Michael D. Stein 
Albert J. Marcellino 
David R. Bailey 
Doreen Yatko Trujillo 



Registration No, 16,574 
Registration No. 19,263 
Registration No. 19,709 
Registration No. 24,196 
Registration No. 28,425 
Registration No. 28,937 
Registration No. 28,734 
Registration No. 30,489 
Registration No. 28,598 
Registration No. 19,386 
Registration No. 29,916 
Registration No. 31,863 
Registration No. 32,279 
Registration No. 32,842 
Registration No. 33,229 
Registration No. 33,307 
Registration No. 32,611 
Registration No. 34,734 
Registration No. 34,664 
Registration No. 35,057 
Registration No. 35,719 



Barbara L. Mullin 
Kevin M. Flannery 
Michael P. Straher 
David A. Cherry 
Albert W. Preston, Jr. 
Anthony J. Rossi 
Terence P. Strobaugh 
Lynn A, Malinoski 
Michael J. Swope 
Michael J. Bonella 
Harold H. Fullmer 
William R. Richter 
Kimberly R. Hild 
Jonathan M. Waldman 
Chad Ziegler 
Gwilym J.O. Attwell 
David N. Farsiou 
Paul K. Legaard 
Maureen S, Gibbons 
Steven H. Meyer 
Paul B. Milcetic 



Registration No. 38,250 
Registration No. 35,871 
Registration No. 38,325 
Registration No. 35,099 
Registration No. 25,366 
Registration No. 24,053 
Registration No. 25,460 
Registration No. 38,788 
Registration No. 38,041 
Registration No. 41,628 
Registration No. 42,560 
Registration No. 43,879 
Registration No. 39,224 
Registration No. 40,861 
Registration No. 44,273 
Registration No. 45,449 
Registration No. 44,104 
Registration No. 38,534 
Registration No. 44,121 
Registration No. 37,189 
Registration No. P46,261 
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Joseph R. Condo 
Michael K. Jones 
Frank T. Carroll 
Hans J. Crosby 
Mark J. Rosen 
Rena Patel 
Mitchell R. Brustein 
Eric H. Vance 
Peter M. UUman 
Thomas E. Watson 
Richard B. LeBlanc 
Joseph D. Rossi 
George J. Awad 
Steven D. Maslowski 
S. Maurice Valla 
Vincent J. Roccia 
Robin S. Quartin 
Maria M. Kourtakis 



Registration No. 
Registration No. 
Registration No. 
Registration No. 
Registration No, 
Registration No. 
Registration No. 
Registration No. 
Registration No. 
Registration No. 
Registration No. 
Registration No. 
Registration No. 
Registration No. 
Registration No. 
Registration No. 
Registration No. 
Registration No. 



42,431 

41,100 

42,392 

44,634 

39,822 

41,412 

38,394 

P47,151 

43,963 

43,243 

39,495 

P47,039 

P46,528 

P46,905 

43,966 

43,887 

45,028 

41,126 



Christine A. Goddard 
Gregory L. Hillyer 
Patrick J. Farley 
Ellen M. Klann 
Steven B. Samuels 



Registration No. P46,73 1 
Registration No. 44,154 
Registration No. 42,524 
Registration No. 44,836 
Registration No. 37,71 1 



his/her associates with full power to prosecute the above-identified application and to transact all 
business in the Patent Office connected therewith and requests that correspondence continue to 
be directed to the firm of WOODCOCK WASHBURN KURTZ MACKIEWICZ & NORRIS 
LLP at the above address. y / / 



Woodcock Washburn Kurtz 
Mackiewicz & Norris LLP 
One Liberty Place - 46th Floor 
Philadelphia PA 19103 
Telephone: (215) 568-3100 

Facsimile: (215) 568-3439 ©i997wwkmn 





McGlynp/ / 
Registration No. 42,863 



